Distributed Lightweight KERBEROS Protocol for Mobile Agent Systems

2011 IEEE GCC Conference and Exhibition (GCC), February 19-22, 2011, Dubai, United Arab Emirates

DISTRIBUTED LIGHTWEIGHT KERBEROS PROTOCOL FOR MOBILE AGENT SYSTEMS H.M.N. Al-Hamadi, C.Y. Yeun, M.J. Zemerly, and M. Al-Qutayri College of Engineering Khalifa University for Science, Technology and Research, UAE {hussam.alhamadi, cyeun, jamal, mqutayri}@kustar.ac.ae the characteristics of such systems [3]. Therefore, accurate counter-measures should be taken to provide security for this system. The main motivation of this paper is to propose a new security protocol which is henceforth termed Distributed Lightweight Kerberos (DLK) protocol. DLK provides security and lowers the overhead on the owner device. In addition, it provides mutual authentication supported with confidentiality for a distribution system like MAS. The rest of the paper is structured as follows. Section 2 reviews related work similar to the DLK protocol. Section 3 presents the proposed DLK protocol by applying it to MAS. Section 4 describes the security and design analysis of DLK. Finally, the conclusions of this study are presented in Section 5.

ABSTRACT This paper focuses on an efficient technology for implementing a Mobile Agent System (MAS). The mobile agent is able to hold consumers’ requests, migrates between platforms and executes its code autonomously. The agent is required to return results to its owner, so he or she can make the right decisions. Kerberos protocol is one of the best known authentication protocols based on symmetric key. Kerberos is a trusted third-party authentication protocol designed to establish network security. In this paper, we propose a new protocol that is based on enhancements modification of Kerberos and is suited to provide confidentiality, integrity, authentication and authorization. A security analysis of the new protocol is also provided.

2. RELATED WORK Index Terms— Mobile Agent System, Kerberos, Ticket Granting Service, Data Security

Recently, a number of countermeasures have been developed to apply security in MAS. There is a general myth that is only hardware protection could make MA protected in [4]. A number of countermeasures [2, 3] and some other algorithms are in control over MA and its executable processes. A set of base assumptions for MAS security includes that MA trusts the home platform and the home platform and other equally trusted platforms have no flaws [1]. Basically, as in RFC 4120 [5], Kerberos provides means of identifying the parties on unprotected networks. In addition, it provides the confidentiality, accountability and authorization [6]. The Kerberos protocol is one of the efficient authentication and key exchange protocols. It consists of two servers: Authentication server (AS) and Ticket Granting server (TGS). Both of them are under a unit called Key Distribution Center (KDC). The AS is a trusted third-party that keeps a database of its clients’ username and a hash value of their passwords (private keys). Kerberos version 5 has five messages, in addition to a sixth optional message that gives this protocol the authority to accept or reject the requesting service. Figure 1 shows the outline process of the Kerberos authentication protocols which consists of three main steps. Table 1 shows the abbreviations used in the protocol description.

1. INTRODUCTION MAS is a distribution system, it uses the internet as a media for its connection and serves the owner in getting their request’s results while they are walking, shopping or traveling. MAS uses the consumer’s mobile devices such as laptop, PDA, or smart phone that helps the owner to initiate his/her request. Then, he/she waits for the agent which carries the request to return back with the results. MAS consists of two main parts; the Mobile Agent (MA) and the Platforms (i.e. the home platform and the service provider platform). The MA is an autonomous software that can migrate itself from its home platform to the various Service Provider (SP) platforms which are supporting the execution of the MA’s code [1]. Any MA consists of mutual properties that any other mobile agent has; which are mobility, reactivity, proactively, autonomy and sociability [2]. On the other hand, a platform is an environment that is responsible to create, execute, send, receive and destroy MAs. In addition, a platform provides the intermediate facilities for MAs to communicate. Unfortunately, this system still has no fully secure protocol. Securing MAS presents many challenges due to

978-1-61284-119-9/11/$26.00 ©2011 IEEE

233

where: AC = [C, t] TC,S = [C, AddC, KC,S, VPT] Step 3. The client decryypts the message which is encrypted by the KC,TGS and obtains o the KC,S. The client then creates its authenticator again a and encrypts it by the session key KC,S. In addition to t that it forwards the ticket TC,S. Then, the server decryptss the ticket TC,S , and obtains the session key KC,S betweenn itself and the client. The server decrypts the authenticator to verify whether the client ID and the network adddress are matching or not between the ticket and the auuthenticator. If so, then the server has the choice to servve the client or not. If the server decides to serve the client, it will update the timestamp and send it back to the client encrypted by the session key KC,S. The client wiill verify the integrity of the updated timestamp (usually, timestamp t +1) and start the session between him and the seerver. ClientÆServer: {TC,S}K KS || {AC}KC,S ServerÆClient: {t + 1}KC,S

Figure 1: The Kerberos Prottocol Table 1: Kerberos Table of Abbrreviation

C S AS TGS KX KX,Y AddC VPT t {m}KX AX TX,Y ||

= = = = = = = = = = = = =

Client ID Server ID Authentication Server Ticket Granting Serverr Private Key for X (Seccret Key) Session Key between X and Y Client’s Network Addrress Ticket’s Validation Peeriod Timestamp Message m encrypted by X’s key Authenticator for X X’s Ticket to use Y Concatenation

3. DLK PROTOC COL FOR MAS This paper proposes thee DLK protocol to secure MAS. DLK is an enhanced protocol p based on Kerberos which provides mutual authhentication supported with confidentiality for a distributtion system like MAS. In addition, it reduces the amounnt of messages between the parties involved. The DLK protocol will be explained through the following scenario. Let us asssume that a user is in the middle of doing some work, and he/she just gets news about an important automobile’s exhibition which has been scheduled in London. Soo, he/she takes out a smart phone, and opens an applicatioon called Airfare Agent. Once the application runns, a dialog box pops up asking for a username and a password. The user enters them then, waits till the loginn process is finished. After the login, he/she will choosse Airfare inquiry service among several services relatedd to traveling. The user will have to fill an e-application forrm which will be carried by the MA. The departure date, destination d and return date, all are included in the e-appliccation form which is sent to the TGS. The user TGS contaacts all the airline agencies that are registering with the MAS M service and providing the demanded service. Only the t airline agencies that are willing to serve the request will w send back a validation ticket with the MA’s results (airfare prices and time of departure). Then, the user has the option to select from the updated agency list of ressults which airline agencies he/she would like to reserve a ticket. Table 2 shows the abbreviations used for the DLK K protocol. In DLK protocol, thhe home platform will authenticate itself first to thee AS. The AS receives the username from the HP and searches s in the database to find the password and hashes it to generate the secret key KHP.

Step 1. The client enters the usernaame and password to login. The password is hashed to get the t private key KC and the username C is sent through the network n to the AS as a plaintext. AS will get the username and search within the database to get the saved secret key. AS will encrypt the ticket TC,TGS using u a secret key KTGS. In addition, it also generates a sesssion key KC,TGS so that the client can communicate with thhe TGS securely. This can be illustrated using the followinng abbreviations: ClientÆAS: [C] AS ÆClient: {TC,TGS}KTGS || {KC,TGS } KC C where: TC,TGS = [C, AddC, KC,TGS, VPT] Step 2. In this stage the client dooes not have the KTGS. But, it can decrypt the second messsage using its KC to obtain the session key KC,TGS. It willl use this key in order to secure its authenticator AC. Theen, the client will forward the ticket and send its authentticator. The TGS decrypts the ticket TC,TGS, obtains KC,TGGS and decrypts the authenticator to verify whether the cllient ID and the network address are matched between the t ticket and the authenticator or not. The TGS generatees the session key KC,S for the client and the server and encrypts it using KC,TGS. In addition, a ticket for thee server will be encrypted by its secret key KS. ClientÆTGS: [S,{TC,TGS}KTGS] || {AC}KC,TGS TGSÆClient: {TC,S}KS || {KC,S}K KC,TGS

234

ID and the address network. The TGS obtains the SID and searches in its database foor SP platforms that provide this service. For now, we woould assume that the TGS finds several SP platforms. The TGS will clone the mobile agent to the same number of available SP platforms. The TGS will create a ticket THP and encrypt it using the session key betw ween itself and the home platform KHP,TGS. The most important part is that the TGS will create, on behalf of the home platform, an authenticator which contains the t HP ID, timestamp, SID, the session key KSPPx,HP and a clone c of the original mobile agent. This authenticator is encrypted using the SP platform secret key KSSPx. Theen, the TGS sends both the ticket and the authenticator too the SP platform as shown below:

Table 2: MAS with enhanced Kerberos prrotocol “Table of Abbreviations”

HP SPPX SID MAx RX AS TGS KX KX,Y AddP VPT tX tX,Y {m}KX AX TX ||

= Home Platform = Service Provider Platform ID for X = Service ID = Mobile Agent with label X = MA’s results and status from X = Authentication Server = Ticket Granting Server = Private Key for X (Secret Keyy) = Session Key between X and Y = Platform’s Network Address = Ticket’s Validation Period = Timestamp for X = Timestamp for X updated by Y = Message m encrypted by X’s private key = Authenticator for X = Ticket to communicate with X = Concatenation

TGSÆSPPX: {HP, tHP, SID, KSPPx,HP, MAC}KSPPx || {THP}KHP,TGS where THP = [SPPX, AddSPPxx, KSPPx,HP, VPT] MAC= A clone mobille agent

The AS is responsible for generatiing a session key KHP,TGS for the home platform with a ticket TTGS to contact the TGS. For now, everythhing follows the Kerberos protocol. In DLK protocol we enhance the way the TGS operate, see figure 2. Step 1, the home platform sends s a similar authenticator as in the Kerberos protoocol but has the service ID and the mobile agent as show wn below:

Step 3, if the SP platforrm is willing to serve the home platform, then, it will allow the mobile agent to execute itself. The SP platform m forward the ticket TSSPx,HP and send an authenticator which w includes its ID, the updated time stamp and the ressults as shown below: SPPXÆ HP: {SPPX, tHP,SPPx, RX}KSPPx,HP || {THP}KHP,TGS

HP Æ AS: [HP] AS Æ HP: {KHP,TGS}KHP || {TTGS}K } TGS HP Æ TGS: {TTGS}KTGS||{HP,tHP,SID,MAo} KHP,TGS where TTGS = [HP, AddHP, KHP,TGS, VPT] MAo = the original mobile agennt

Step 4, The HP decrypts the ticket using its session key KHP,TGS. The ticket has thee session key which will be used to decrypt the authenticcator. Then, it matches the SPP, and AddSPP between the ticket t and the authenticator. Finally, the home platforrm will display the results and status of the MA for the owner o after the verification process.

Step 2, as in the Kerberos prootocol, the TGS decrypts the ticket to get the session keyy KHP,TGS. Then, it decrypts the HP authenticator, in order to match the HP

Figure 2: DLK Protocol for MAS

235

servers that the HP would communicate with them. Table 3 shows that our protocol will only require one more message in case of one server as compared to the Kryptoknight protocol. The equations that have been used to determine the number of messages are: For Kerberos: 4X + 2 For Kryptoknight: 4X For our protocol: 2X + 3 where X is the number of servers.

4. SECURITY AND DESIGN ANALYSIS This section consists of two parts. One is the security analysis and the other is the design analysis. 4.1. Security Analysis In this part, we discuss how the DLK protocol provides the confidentiality, integrity, authentication and authorization. Confidentiality is the demand for protecting the mobile agent from unauthorized access. Many techniques have been developed to provide confidentiality of the mobile agent. Encryption techniques are mainly used in order to conceal the sensitive information of the mobile agent. In the DLK protocol, session keys are used to encrypt the mobile agent. This encryption technique would protect the mobile agent from being tampered with. Overall, the session key has an expiry period (validation period) that requires the principle parties (HP and SSP) to change their session key. This encryption technique saves the MAS from disclosure of sensitive information attack. Integrity is a security requirement that ensures that a particular piece of information has not been modified by a third party at some point in time. There are several ways of offering this element of security, such as oneway hash function. This is important to the owner of the mobile agent, as it guarantees that the received information has not been modified and is signed by a trusted sender. In the DLK protocol, one-way hash function is used to check the integrity of the password. Then, the AS generates, depending on the hash value, the security key to communicate with HP. In addition, the DLK protocol includes the timestamp to verify the message freshness and avoid the replay attacks. Authentication is the first line of defense and a major requirement to many security solutions. This security requirement prevents the MAS from having several attacks, such as masquerading and eavesdropping attacks. The DLK protocol provides the MAS with mutual authentication feature in which two parties authenticate each others’ identity before starting to collaborate. In addition, the mutual authentication prevents Man-in-the-Middle attack. Authorization is the function of specifying the rights of the mobile agent to be executed by the SPP. In the DLK protocol, the TGS provides the SP platform with information about the HP and the type of task the mobile agent carries. The SP platform then gives the right for the mobile agent to run its code. On the other hand, the owner has an authorization to select which platform to contact after getting the results.

Table 3: Comparison between the three protocols X

Kerberos protocol [7] Kryptoknight protocol [8] Our Protocol

1

2

3

4

5

6

7

6

10

14

18

22

26

30

4

8

12

16

20

24

28

5

7

9

11

13

15

17

5. CONCLUSION In this paper, we presented an enhancement to the Kerberos protocol which we termed the Distributed Lightweight Kerberos (DLK) protocol. The advantages of our new protocol, is that it addresses mutual authentication and key distribution requirements for MAS. We limited the number of messages in this protocol and made it suitable for MAS. This protocol assures confidentiality, integrity, authentication, authorization and scalability of MAS and overall, it is a lightweight in terms of number of messages between the principle parties. Our future work includes, implementing DLK protocol using Java language and evaluating it. 6. REFERENCES [1] A. Sarje, D. Choudhari, S. Rayanchu, "A route secure parallel dispatch model for mobile agents security", Proc. 11th International Conference on Parallel and Distributed Systems, 2005, vol.2, pp. 575- 579, 20-22 July 2005. [2] Z. Shen, Q. Tong, "A Security Technology for Mobile Agent System Improved by Trusted Computing Platform", Proc. 9th International Conference on Hybrid Intelligent Systems, HIS '09, vol. 3, pp. 46-50, 12-14 Aug. 2009. [3] Q. Zhang, Y. Mu, M. Zhang, R.H. Deng, "Secure Mobile Agents with Designated Hosts", Proc. 3rd International Conference on Network and System Security, NSS '09, pp. 286293, 19-21 Oct. 2009. [4] L. Ma, J.J.P. Tsai, "Formal Modeling and Analysis of a Secure Mobile-Agent System", IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and Humans, vol.38, no.1, pp. 180-196, Jan. 2008. [5] RFC 4120, http://tools.ietf.org/html/rfc4120#ref-NT94, 8/7/2010. [6] C.Y. Yeun, K. Lua and J. Crowcroft, “Security for Emerging Ubiquitous Network”, Proc. 62nd IEEE Vehicular Technology Conference. vol.2, pp. 1242-1248, 2005. [7] J.G. Steiner, C. Neuman, J. I. Schille, “Kerberos: An Authentication Service for Open Network Systems”, Usenix Conference Proceedings, 1988, pp. 191-202. [8] P. Janson, G. Tsudik, M. Yung, “Scalability and Flexibility in Authentication Services: The KryptoKnight Approach”, Proc. of IEEE INFOCOM, pp. 725-736, 1994.

4.2. Design Analysis In this part, we compare our protocol with two other protocols; they are the Kerberos protocol [7] and the Kryptoknight protocol [8]. We will compare the three protocols in terms of number of messages via number of

236